HSTS security header is now standard

IT Asset Management version 2020 R2

Consistent with current security best practice for web-based applications, from the 2020 R2 release the presentation server for the web interface of IT Asset Management issues the HSTS (HTTP Strict Transport Security) header with all responses. This header instructs all client web browsers to enforce HTTPS for access to the presentation server.

This is in addition to the existing 307 redirects, which send any browser that uses the standard HTTP protocol to the same site over the secure HTTPS protocol. The HTTPS protocol, along with an accompanying server certificate, protects against malicious activity like man-in-the-middle attacks. Even if an operator accidentally enters a URL with the HTTP protocol, the client web browser, once it has received the HSTS header, automatically corrects the URL to the HTTPS protocol before transmitting the request.
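The following added example (not code from IT Asset Management) shows one way to check captured responses for the two behaviors described above: a 307 redirect from HTTP to HTTPS, and a valid HSTS header on every HTTPS response. The host name, paths and max-age value in the sample are constructed placeholders.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Return the parsed policy for a valid HSTS value, else None (RFC 6797 rules)."""
    seen = {}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:                      # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):  # max-age is mandatory and numeric
        return None
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

def audit(responses):
    """Check each captured response; return a list of (url, problem) findings."""
    findings = []
    for r in responses:
        url = urlsplit(r["url"])
        headers = {k.lower(): v for k, v in r["headers"].items()}
        if url.scheme == "https":
            policy = parse_hsts(headers.get("strict-transport-security", ""))
            if policy is None:
                findings.append((r["url"], "HSTS header missing or malformed"))
            elif policy["max_age"] == 0:
                findings.append((r["url"], "max-age=0 clears the browser's HSTS entry"))
        else:
            target = urlsplit(headers.get("location", ""))
            if r["status"] != 307 or target.scheme != "https" or target.hostname != url.hostname:
                findings.append((r["url"], "no 307 redirect to HTTPS on the same host"))
    return findings

# Constructed sample capture: host, paths and max-age are placeholders.
HOST = "itam.example.com"
SAMPLE = [
    {"url": f"http://{HOST}/", "status": 307, "headers": {"Location": f"https://{HOST}/"}},
    {"url": f"https://{HOST}/", "status": 200,
     "headers": {"Strict-Transport-Security": "max-age=31536000"}},
    {"url": f"https://{HOST}/static/logo.png", "status": 200, "headers": {}},
]

if __name__ == "__main__":
    for url, problem in audit(SAMPLE):
        print(f"{url}: {problem}")
```

Browsers ignore an HSTS header delivered over plain HTTP, which is why the check only expects it on HTTPS responses.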
